Standard Bank tightens online security

Aug 12, 2009

Since 2001, Standard Bank’s online payment option, AutoPay has enabled the bank’s customers to make online purchases without the use of a credit card. Now, AutoPay has undergone a security overhaul which includes the one time password (OTP) feature familiar to users of Internet banking.

AutoPay appears as a button on the websites of AutoPay-enabled online merchants, which when clicked, links the browser of the buyer to their Internet banking facility to allow for a secure transaction using their ATM debit cards.Once on the secure internet banking site, neither the merchant, nor any other person can have access to the information exchanged between the user and Standard Bank.Standard Bank handles between R20-billion and R30-billion in online transactions an year, of which less than one percent is fraudulent, which is largely attributed to the introduction of OTP. This is a good figure compared to a global online fraud average of between 3% and 4%.“For 100 000 of Standard Bank’s million strong customer base, credit cards and the perceived 'debt trap' are not an attractive option. AutoPay makes it possible for those with only a transactional account to make purchases online that were previously restricted to credit card holders alone,” says AutoPay manager Antoinette Hoffman. The new OTP feature gives AutoPay transactions the same security status as other payments going through Standard Bank’s Internet Banking. The OTP facility makes use of two-factor authentication, whereby the delivery of a second password occurs independently of the internet banking session a client uses. The second password is system generated and delivered to the client’s cell phone via SMS, or e-mail address.“The addition of the one-time password feature bolsters security for our users,” says Hoffman, “and it forced fraudsters to become very innovative and collude with third parties and insiders to accomplish what they could formerly achieve independently, which made it far easier for the authorities to detect and ultimately prosecute.” The existence of an AutoPay button also works to assure potential online customers that the website is connected to a legitimate merchant. AutoPay-enabled merchants are screened and held to their obligations through the connection with Standard Bank.As soon as a payment has been successfully submitted, a system-generated confirmation is sent to both the customer and the online merchant. Standard Bank then releases the money to the merchant and advises them to release the goods.“We believe that the AutoPay system is now as close to water-tight as we think we can get it,” says Hoffman. "It is decidedly more secure than credit card payments online, as the customer is no longer required to reveal any of their card information to a third party.”